Legal claims defining the scope of protection, as filed with the USPTO.
1. A method comprising: receiving a request to access a resource of a computer system storing a first plurality of authorization plugin modules; obtaining, by the computer system, a configuration identifying a second plurality of authorization plugin modules that is a proper subset of the first plurality of authorization plugin modules by accessing a configuration file identifying the second plurality of authorization plugin modules; executing, by the computer system, each of the second plurality of authorization plugin modules to generate a plurality of authorization decisions; obtaining, by the computer system, an authorization policy specifying logic to determine whether to grant the request based on the plurality of authorization decisions by accessing a policy database comprising a plurality of authorization policies; and determining, by the computer system, whether to grant the request using the logic specified in the authorization policy and the plurality of authorization decisions.
2. The method of claim 1 , wherein at least one of the second plurality of authorization plugin modules is configured by an external mechanism.
3. The method of claim 1 , wherein the authorization policy is defined in extensible access control markup language.
4. The method of claim 1 , wherein the authorization policy implements a Java™ authorization contract for containers.
5. The method of claim 1 , wherein a first authorization plugin module exchanges information with a second authorization plugin module using a protocol selected by an external mechanism.
6. The method of claim 1 , wherein determining whether to grant the request comprises a cumulative decision of the plurality of authorization decisions.
7. An apparatus comprising: data storage to store a first plurality of authorization plugin modules; and a server coupled to the data storage to: receive a request to access a resource; obtain a configuration identifying a second plurality of authorization plugin modules that is a proper subset of the first plurality of authorization plugin modules by accessing a configuration file identifying the second plurality of authorization plugin modules; execute each of the second plurality of authorization plugin modules to generate a plurality of authorization decisions; obtain an authorization policy specifying logic to determine whether to grant the request based on the plurality of authorization decisions by accessing a policy database comprising a plurality of authorization policies; and determine whether to grant the request using the logic specified in the authorization policy and the plurality of authorization decisions.
8. The apparatus of claim 7 , wherein the authorization policy is based on a set of rules.
9. The apparatus of claim 7 , wherein determining whether to grant the request is based on the contents of an object.
10. The apparatus of claim 7 , wherein determining whether to grant the request is based on an editable file that associates the second plurality of authorization plugin modules with a calling application that provided the request.
11. The apparatus of claim 7 , wherein determining whether to grant the request comprises combining the plurality of authorization decisions.
12. The apparatus of claim 7 , wherein the authorization policy is defined in extensible access control markup language.
13. The apparatus of claim 7 , wherein the authorization policy implements a Java™ authorization contract for containers.
14. The apparatus of claim 7 , wherein a first authorization plugin module communicates with a second authorization plugin module using a protocol selected by an external mechanism.
Unknown
August 12, 2014
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.